ponose.blogg.se - How to port security with dynamically learned mac addresses

For example, if you configure the port security for a port to have a maximum of ten MAC addresses but add only two MAC addresses, the next eight new source MAC addresses that are received on that port are added to the secured MAC address list for the port.Īfter you allocate a maximum number of MAC addresses on a port, you can also specify how long the addresses on the port will remain secure. When you manually change the maximum number of MAC addresses that are associated to a port greater than the default value and then manually enter the authorized MAC addresses, any remaining MAC addresses are automatically configured. Once you manually configure or autoconfigure the addresses, they are stored in nonvolatile RAM (NVRAM) and are maintained after a reset. Out of a maximum allocated number of MAC addresses on a port, you can manually configure all, allow all to be autoconfigured, or configure some manually and allow the rest to be autoconfigured. 901 (1 + 900) on one port, 101 (1 + 100) on another port, 25 (1 + 24) on a third port, and 1 address on each of the rest of the portsĪfter you allocate the maximum number of MAC addresses on a port, you can either specify the secure MAC address for the port manually or have the port dynamically configure the MAC address of the connected devices.513 (1 + 512) each on two ports in a system and 1 address each on the rest of the ports.1025 (1 + 1024) addresses on one port and 1 address each on the rest of the ports.The following combinations are valid allocations:

The maximum number of MAC addresses that you can allocate for each port depends on your network configuration. That is, the total number of MAC addresses on any port cannot exceed 1025. The total number of MAC addresses that can be specified per port is limited to the global resource of 1024 plus 1 default MAC address. Allowing Traffic Based on the Host MAC Address

Alternatively, you can use port security to filter traffic that is destined to or received from a specific host that is based on the host MAC address. You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses that are specified for that port. Monitoring Port Security Understanding How Port Security Works.

Configuring Port Security on the Switch.

Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Command Reference.